ALAS2-2018-1060


Amazon Linux 2 Security Advisory: ALAS-2018-1060
Advisory Release Date: 2018-08-21 23:34 Pacific
Severity: Important
References: CVE-2017-17833 

Issue Overview:

A use-after-free flaw in OpenSLP 1.x and 2.x baselines was discovered in the ProcessSrvRqst function. A failure to update a local pointer may lead to heap corruption. A remote attacker may be able to leverage this flaw to gain remote code execution.(CVE-2017-17833 )


Affected Packages:

openslp


Issue Correction:
Run yum update openslp to update your system.

New Packages:
i686:
    openslp-2.0.0-7.amzn2.i686
    openslp-server-2.0.0-7.amzn2.i686
    openslp-devel-2.0.0-7.amzn2.i686
    openslp-debuginfo-2.0.0-7.amzn2.i686

src:
    openslp-2.0.0-7.amzn2.src

x86_64:
    openslp-2.0.0-7.amzn2.x86_64
    openslp-server-2.0.0-7.amzn2.x86_64
    openslp-devel-2.0.0-7.amzn2.x86_64
    openslp-debuginfo-2.0.0-7.amzn2.x86_64